Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oded Goldreich – Defining Moments

Published byRosamund Shelton Modified over 6 years ago

Similar presentations

Presentation on theme: "Oded Goldreich – Defining Moments"— Presentation transcript:

1 Oded Goldreich – Defining Moments
Omer Reingold, Stanford, on OdedFest 2017

2 This Talk’s Concept Focus on Oded’s concepts How does he do it?
And what awesome concepts they are! Conceptual contributions include everything: the notions, the definitions, the notations … Even if it doesn’t start with Oded, it often ends with him How does he do it? Writing, writing and then some more writing (papers, surveys, books) His famous personal touch (more, I guess, in the evening sessions)

3 Clarifications and Warnings
Chosen definitions not meant to be representative or Oded’s best (but I love them all) Bias towards those that have impacted my own research These are all joint works; There were other papers before them and papers that followed Celebrating a community But don’t expect credits (talk to me when its your fest) Papers contain more than I discuss And to Oded: This is your research and your fest But its my talk! Just saying …

4 1st Notion: Pseudorandom Functions
Goldreich, Goldwasser and Micali, how to construct random functions, FOCS 84 and JACM 86 The title – such commitment to the computational lens. I have set up on a Manchester computer a small programme using only 1000 units of storage, whereby the machine supplied with one sixteen figure number replies with another within two seconds. I would defy anyone to learn from these replies sufficient about the programme to be able to predict any replies to untried values. A. TURING

5 Poly-Random Collections

6 Indistinguishability
g is uniform or in F ? x1 g(x1) g xt g(xt)

7 The Uphill Battle Kolmogorov Complexity: non- constructive and not applicable Comparison with One-Way functions Comparison with CSB (cryptographically strong pseudorandom bit generators) PRFs vs. simulating random oracle In particular, allows for sharing a function (distributed)

8 My Connection Learned the definition from Oded’s notes
Editor of two of the journal versions Some fond memories there 33 years to PRFs + GGM construction and countless papers – no more explanations needed

9 2nd Notion: Block Sources
Chor and Goldreich, Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, FOCS 85, SICOMP 88

10 It Contains Everything
Min entropy as THE measure of randomness in a weak random source – X has min-entropy  k if x, Pr[X=x]<2-k Flat distributions (uniform on 2k elements) Inner product (Hadamard code) is a two-source extractor for high entropies Randomized communication complexity, slightly dependent sources, …

11 Block Source

12 My Connection Constructions of randomness extractors heavily relied on block sources First extract blocks then extract from the block-source Zig-zag product analysis measure the entropy in a pair (v,a) of (vertex,edge label), as a block source.

13 3rd Notion: Property Testing
Goldreich, Goldwasser and Ron, Property Testing and Its Connection to Learning and Approximation, FOCS 96, JACM 98

14 So What’s New? Combinatorial properties
General Distributions, a la PAC learning (Valinat)

15 Since Then Flourishing and mathematically deep field – the power of a conceptually strong work (and many more that followed) My connection – PCP composition through a stronger notion, inspired by property testing that we (Dinur and I) called “assignment testers” PCP proofs allow one to prove that a SAT formula  is satisfiable. An assignment tester allows proving that an assignment  is close to a satisfying assignment of . Oded et al rejected the gesture and in an independent work called these objects PCPPs Which stands for “Peace Corps Partnership Program” and “PCPartPicker” and “C99 preprocessor written in pure Python” but also for Probabilistically Checable Proofs of Proximity If you can’t beat them join them …

16 4th Notion: Auxiliary-Input ZK
Goldreich and Oren, Definitions and Properties of Zero- Knowledge Proof Systems. J. Cryptology 1994 Title screams “conceptual” Zero-Knowledge due to Goldwasser, Micali and Rackoff is a jewel in Cryptography’s crown. Much of the way we think of ZK was shaped by Oded’s writings - black-box ZK, auxiliary-input ZK, uniform ZK

17 What the Verifier Knows?
I’m convinced x x ZK: the verifier doesn’t learn anything (beyond validity) Auxiliary-input ZK: the verifier doesn’t learn anything new Vital for composition (either parallel or sequential)

18 Formally … Both the verifier V* and the simulator MV* have access to the auxiliary-information y

19 My Connection This year’s Gödel Prize winner – Differential Privacy
Definition of privacy in data analysis What do you learn about a particular row in a database from Differentially-Private analysis? The definition puts auxiliary-input front and center – even if you know all other rows of the database, you do not learn much about this special row (can’t achieve ZK). Here too – composition is key We recently use resilience of DP to composition for better adaptive data analysis

20 Concluding Remarks Discussed: PRFs, Block Sources, Property Testing, Auxiliary- Input ZK Wow! Conceptual contributions are long lasting What’s next?

21 Happy Birthday

Download ppt "Oded Goldreich – Defining Moments"

Similar presentations

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.
On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.
Coin Tossing With A Man In The Middle Boaz Barak.

Coin Tossing With A Man In The Middle Boaz Barak.
Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.

Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.

Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.

Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.
Individual Position Slides: Jonathan Katz (University of Maryland) (Apologies I can’t be here in person)

Individual Position Slides: Jonathan Katz (University of Maryland) (Apologies I can’t be here in person)
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.

Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
PCPs and Inapproximability Introduction. My T. Thai 2 Why Approximation Algorithms  Problems that we cannot find an optimal solution.

PCPs and Inapproximability Introduction. My T. Thai 2 Why Approximation Algorithms  Problems that we cannot find an optimal solution.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
1 Slides by Roel Apfelbaum & Eti Ezra. Enhanced by Amit Kagan. Adapted from Oded Goldreich’s course lecture notes.

1 Slides by Roel Apfelbaum & Eti Ezra. Enhanced by Amit Kagan. Adapted from Oded Goldreich’s course lecture notes.
1 Adapted from Oded Goldreich’s course lecture notes.

1 Adapted from Oded Goldreich’s course lecture notes.
The Bright Side of Hardness Relating Computational Complexity and Cryptography Oded Goldreich Weizmann Institute of Science.

The Bright Side of Hardness Relating Computational Complexity and Cryptography Oded Goldreich Weizmann Institute of Science.
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.
Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.

Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.
Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.

Similar presentations

Ads by Google